Phishing Mitigation on Tilera

Summary

This is the Tilera part of the OVH abuse tool suite. This tool aims to prevent known phishing URLs hosted by OVH from being reachable by spammer target. Each received packet matching : Ip, host and http request-URI will trigger the anti-phishing. In response, anti-phising will send RST packet to source and destination

Project structure

/api_script : minimal API to add/remove/list URLs managed by Tilera
/base : contains not Tilera specific code, but project specific (config, url matching...)
/common : contains not Tilera specific code, and not project specific (allocator, log, ...)
/conf : sample configuration files
- ip.conf : list of target server IPs
- main.conf : Tilera settings
/dependencies : external libraries
/stats-collector : tool running on Tilera and collecting stats to send to RRDTool
/tests : unit test on not Tilera specific code + some functional test script

Build

make clean install
/etc/init.d/tilera-phishing start

Tested on a TILE-Gx36 with gcc 4.7.2

Tests

Valgrind need to be installed to run test

Under /tests directory run make clean all to run all unit tests under valgrind checking

make clean run to run tests without valgrind

Config

main.conf

edit /etc/tilera-phishing/main.conf
some settings can be dynamicaly reloaded :
- in this case a reload is enough to update config :
  - /etc/init.d/tilera-phishing reload
  - or send a SIGUSR1 to process : pkill -SIGUSR1 tilera-phishing -n
else call
- /etc/init.d/tilera-phishing restart
workers : Nb workers to use
links : comma separated list of network interface to link
- max 4 interfaces
bridge_mode
- 0 : packets received on one network interface are sent using this same network interface
- 1 : network interfaces are bridged like this :
  - 0 <-> 1
  - 2 <-> 3
  - ie
    - packets received on interface #0 are sent through interface #1 and vice versa
    - same goes for interfaces #2 & #3

ip.conf

this file describe a list of target url to RST
syntax :
x 10.254.0.8 http://www.example.com/index.html
- RST http reequest to machine 10.254.0.8 with hostname example.com using GET command to uri /index.html
after saving ip.conf you should call /etc/init.d/tilera-phishing reload

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commits
api_script		api_script
base		base
common		common
conf		conf
dependencies/cmocka-1.0.1		dependencies/cmocka-1.0.1
stats-collector		stats-collector
tests		tests
.gitignore		.gitignore
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE		LICENSE
Makefile		Makefile
Makefile.inc		Makefile.inc
README.md		README.md
copyright		copyright
copyright.sh		copyright.sh
debug.sh		debug.sh
deploy.sh		deploy.sh
main.initd		main.initd
ofp_channels.c		ofp_channels.c
ofp_channels.h		ofp_channels.h
ofp_config.c		ofp_config.c
ofp_config.h		ofp_config.h
ofp_gc.c		ofp_gc.c
ofp_gc.h		ofp_gc.h
ofp_ipv4.h		ofp_ipv4.h
ofp_logger.c		ofp_logger.c
ofp_logger.h		ofp_logger.h
ofp_main.c		ofp_main.c
ofp_main.h		ofp_main.h
ofp_netio.c		ofp_netio.c
ofp_netio.h		ofp_netio.h
ofp_packet_helpers.c		ofp_packet_helpers.c
ofp_packet_helpers.h		ofp_packet_helpers.h
ofp_packet_list.c		ofp_packet_list.c
ofp_packet_list.h		ofp_packet_list.h
ofp_pcap.c		ofp_pcap.c
ofp_pcap.h		ofp_pcap.h
ofp_phish.c		ofp_phish.c
ofp_phish.h		ofp_phish.h
ofp_tcp.c		ofp_tcp.c
ofp_tcp.h		ofp_tcp.h
tilera-phishing-reload.sh		tilera-phishing-reload.sh

License

ovh/phishing-mitigation

Folders and files

Latest commit

History

Repository files navigation

Phishing Mitigation on Tilera

Summary

Project structure

Build

Tests

Config

main.conf

ip.conf

About

Resources

License

Code of conduct

Stars

Watchers

Forks

Languages